An Artificial Intelligence-based Intrusion Detection System

Intrusion detection systems have been used in many systems to avoid malicious attacks. Traditionally, these intrusion detection systems use signature-based classification to detect predefined attacks and monitor the network's overall traffic. These intrusion detection systems often fail when an unseen attack occurs, which does not match with predefined attack signatures, leaving the system hopeless and vulnerable. In addition, as new attacks emerge, we need to update the database of attack signatures, which contains the attack information. This raises concerns because it is almost impossible to define every attack in the database and make the process costly also. Recently, research in conjunction with artificial intelligence and network security has evolved. As a result, it created many possibilities to enable machine learning approaches to detect the new attacks in network traffic. Machine learning has already shown successful results in the domain of recommendation systems, speech recognition, and medical systems. So, in this paper, we utilize machine learning approaches to detect attacks and classify them. This paper uses the CSE-CIC-IDS dataset, which contains normal and malicious attacks samples. Multiple steps are performed to train the network traffic classifier. Finally, the model is deployed for testing on sample data.

Download Full-text

The Use of Ensemble Models for Multiple Class and Binary Class Classification for Improving Intrusion Detection Systems

Sensors ◽

10.3390/s20092559 ◽

2020 ◽

Vol 20 (9) ◽

pp. 2559 ◽

Cited By ~ 9

Author(s):

Celestine Iwendi ◽

Suleman Khan ◽

Joseph Henry Anajemba ◽

Mohit Mittal ◽

Mamdouh Alenezi ◽

...

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

False Alarm ◽

False Alarm Rate ◽

Detection Rate ◽

Detection System ◽

Denial Of Service ◽

Intrusion Detection Systems ◽

Ensemble Models ◽

Detection Systems

The pursuit to spot abnormal behaviors in and out of a network system is what led to a system known as intrusion detection systems for soft computing besides many researchers have applied machine learning around this area. Obviously, a single classifier alone in the classifications seems impossible to control network intruders. This limitation is what led us to perform dimensionality reduction by means of correlation-based feature selection approach (CFS approach) in addition to a refined ensemble model. The paper aims to improve the Intrusion Detection System (IDS) by proposing a CFS + Ensemble Classifiers (Bagging and Adaboost) which has high accuracy, high packet detection rate, and low false alarm rate. Machine Learning Ensemble Models with base classifiers (J48, Random Forest, and Reptree) were built. Binary classification, as well as Multiclass classification for KDD99 and NSLKDD datasets, was done while all the attacks were named as an anomaly and normal traffic. Class labels consisted of five major attacks, namely Denial of Service (DoS), Probe, User-to-Root (U2R), Root to Local attacks (R2L), and Normal class attacks. Results from the experiment showed that our proposed model produces 0 false alarm rate (FAR) and 99.90% detection rate (DR) for the KDD99 dataset, and 0.5% FAR and 98.60% DR for NSLKDD dataset when working with 6 and 13 selected features.

Download Full-text

Security Enrichment in Intrusion Detection System Using Classifier Ensemble

Journal of Electrical and Computer Engineering ◽

10.1155/2017/1794849 ◽

2017 ◽

Vol 2017 ◽

pp. 1-6 ◽

Cited By ~ 5

Author(s):

Uma R. Salunkhe ◽

Suresh N. Mali

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection Rate ◽

Detection System ◽

Hybrid Approach ◽

Classifier Ensemble ◽

Intrusion Detection Systems ◽

Detection Rates ◽

Detection Systems

In the era of Internet and with increasing number of people as its end users, a large number of attack categories are introduced daily. Hence, effective detection of various attacks with the help of Intrusion Detection Systems is an emerging trend in research these days. Existing studies show effectiveness of machine learning approaches in handling Intrusion Detection Systems. In this work, we aim to enhance detection rate of Intrusion Detection System by using machine learning technique. We propose a novel classifier ensemble based IDS that is constructed using hybrid approach which combines data level and feature level approach. Classifier ensembles combine the opinions of different experts and improve the intrusion detection rate. Experimental results show the improved detection rates of our system compared to reference technique.

Download Full-text

Improving the accuracy of intrusion detection systems by using the combination of machine learning approaches

2010 International Conference of Soft Computing and Pattern Recognition ◽

10.1109/socpar.2010.5686163 ◽

2010 ◽

Cited By ~ 6

Author(s):

Hadi Sarvari ◽

Mohammad Mehdi Keikha

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Intrusion Detection Systems ◽

Learning Approaches ◽

Detection Systems

Download Full-text

ANOMALY DETECTION USING MACHINE LEARNING APPROACHES

Azerbaijan Journal of High Performance Computing ◽

10.32010/26166127.2020.3.2.196.206 ◽

2020 ◽

Vol 3 (2) ◽

pp. 196-206

Author(s):

Mausumi Das Nath ◽

◽

Tapalina Bhattasali

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Vital Role ◽

Machine Learning Algorithms ◽

Intrusion Detection Systems ◽

Abnormal Behavior ◽

Support Vector ◽

Learning Approaches ◽

Detection Systems ◽

Internet Users

Due to the enormous usage of the Internet, users share resources and exchange voluminous amounts of data. This increases the high risk of data theft and other types of attacks. Network security plays a vital role in protecting the electronic exchange of data and attempts to avoid disruption concerning finances or disrupted services due to the unknown proliferations in the network. Many Intrusion Detection Systems (IDS) are commonly used to detect such unknown attacks and unauthorized access in a network. Many approaches have been put forward by the researchers which showed satisfactory results in intrusion detection systems significantly which ranged from various traditional approaches to Artificial Intelligence (AI) based approaches.AI based techniques have gained an edge over other statistical techniques in the research community due to its enormous benefits. Procedures can be designed to display behavior learned from previous experiences. Machine learning algorithms are used to analyze the abnormal instances in a particular network. Supervised learning is essential in terms of training and analyzing the abnormal behavior in a network. In this paper, we propose a model of Naïve Bayes and SVM (Support Vector Machine) to detect anomalies and an ensemble approach to solve the weaknesses and to remove the poor detection results

Download Full-text

Towards a Reliable Comparison and Evaluation of Network Intrusion Detection Systems Based on Machine Learning Approaches

Applied Sciences ◽

10.3390/app10051775 ◽

2020 ◽

Vol 10 (5) ◽

pp. 1775 ◽

Cited By ~ 6

Author(s):

Roberto Magán-Carrión ◽

Daniel Urda ◽

Ignacio Díaz-Cano ◽

Bernabé Dorronsoro

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Attack Detection ◽

Intrusion Detection Systems ◽

Network Intrusion Detection ◽

Learning Approaches ◽

Network Attack ◽

Detection Systems ◽

Network Intrusion ◽

Network Intrusion Detection Systems

Presently, we are living in a hyper-connected world where millions of heterogeneous devices are continuously sharing information in different application contexts for wellness, improving communications, digital businesses, etc. However, the bigger the number of devices and connections are, the higher the risk of security threats in this scenario. To counteract against malicious behaviours and preserve essential security services, Network Intrusion Detection Systems (NIDSs) are the most widely used defence line in communications networks. Nevertheless, there is no standard methodology to evaluate and fairly compare NIDSs. Most of the proposals elude mentioning crucial steps regarding NIDSs validation that make their comparison hard or even impossible. This work firstly includes a comprehensive study of recent NIDSs based on machine learning approaches, concluding that almost all of them do not accomplish with what authors of this paper consider mandatory steps for a reliable comparison and evaluation of NIDSs. Secondly, a structured methodology is proposed and assessed on the UGR’16 dataset to test its suitability for addressing network attack detection problems. The guideline and steps recommended will definitively help the research community to fairly assess NIDSs, although the definitive framework is not a trivial task and, therefore, some extra effort should still be made to improve its understandability and usability further.

Download Full-text

A System to automate the development of anomaly-based network intrusion detection model

Journal of Physics Conference Series ◽

10.1088/1742-6596/2089/1/012006 ◽

2021 ◽

Vol 2089 (1) ◽

pp. 012006

Author(s):

B Padmaja ◽

K Sai Sravan ◽

E Krishna Rao Patro ◽

G Chandra Sekhar

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Real Time ◽

Network Traffic ◽

Intrusion Detection Systems ◽

Network Intrusion Detection ◽

Support Vector ◽

The Internet ◽

Detection Systems ◽

Network Intrusion

Abstract Cyber security is the major concern in today’s world. Over the past couple of decades, the internet has grown to such an extent that almost every individual living on this planet has the access to the internet today. This can be viewed as one of the major achievements in the human race, but on the flip side of the coin, this gave rise to a lot of security issues for every individual or the company that is accessing the web through the internet. Hackers have become active and are always monitoring the networks to grab every possible opportunity to attack a system and make the best fortune out of its vulnerabilities. To safeguard people’s and organization’s privacy in this cyberspace, different network intrusion detection systems have been developed to detect the hacker’s presence in the networks. These systems fall under signature based and anomaly based intrusion detection systems. This paper deals with using anomaly based intrusion detection technique to develop an automation system to both train and test supervised machine learning models, which is developed to classify real time network traffic as to whether it is malicious or not. Currently the best models by considering both detection success rate and the false positives rate are Artificial Neural Networks(ANN) followed by Support Vector Machines(SVM). In this paper, it is verified that Artificial Neural Network (ANN) based machine learning with wrapper feature selection outperforms support vector machine (SVM) technique while classifying network traffic as harmful or harmless. Initially to evaluate the performance of the system, NSL-KDD dataset is used to train and test the SVM and ANN models and finally classify real time network traffic using these models. This system can be used to carry out model building automatically on the new datasets and also for classifying the behaviour of the provided dataset without having to code.

Download Full-text

Network Intrusion Detection Systems Design: A Machine Learning Approach

10.5753/sbrc.2019.7413 ◽

2019 ◽

Cited By ~ 1

Author(s):

Manuel Gonçalves da Silva Neto ◽

Danielo G. Gomes

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Learning Algorithm ◽

Detection System ◽

Systems Design ◽

Machine Learning Algorithms ◽

Intrusion Detection Systems ◽

Machine Learning Techniques ◽

Detection Systems ◽

Network Intrusion

With the increasing popularization of computer network-based technologies, security has become a daily concern, and intrusion detection systems (IDS) play an essential role in the supervision of computer networks. An employed approach to combat network intrusions is the development of intrusion detection systems via machine learning techniques. The intrusion detection performance of these systems depends highly on the quality of the IDS dataset used in their design and the decision making for the most suitable machine learning algorithm becomes a difficult task. The proposed paper focuses on evaluate and accurate the model of intrusion detection system of different machine learning algorithms on two resampling techniques using the new CICIDS2017 dataset where Decision Trees, MLPs, and Random Forests on Stratified 10-Fold gives high stability in results with Precision, Recall, and F1-Scores of 98% and 99% with low execution times.

Download Full-text

A comparative simulation of normalization methods for machine learning-based intrusion detection systems using KDD Cup’99 dataset

Journal of Intelligent & Fuzzy Systems ◽

10.3233/jifs-211191 ◽

2021 ◽

pp. 1-18

Author(s):

Satish Kumar ◽

Sunanda Gupta ◽

Sakshi Arora

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Network Traffic ◽

Intrusion Detection Systems ◽

High Dimensional ◽

Traffic Data ◽

Detection Systems ◽

Dimensional Network ◽

Normalization Methods ◽

Kdd Cup 99

Network Intrusion detection systems (NIDS) detect malicious and intrusive information in computer networks. Presently, commercial NIDS is based on machine learning approaches that have complex algorithms and increase intrusion detection efficiency and efficacy. These machine learning-based NIDS use high dimensional network traffic data from which intrusive information is to be detected. This high-dimensional network traffic data in NIDS needs to be preprocessed and normalized to make it suitable for machine learning tools. A machine learning approach with appropriate normalization and prepossessing increases NIDS performance. This paper presents an empirical study on various normalization methods implemented on a benchmark network traffic dataset, KDD Cup’99, that has been used to evaluate the NIDS model. The present study shows decimal normalization has a better prediction performance than non-normalized traffic data categorized into ‘normal’ or ‘intrusive’ classes.

Download Full-text

A Review on Machine Learning Approaches for Network Malicious Behavior Detection in Emerging Technologies

Entropy ◽

10.3390/e23050529 ◽

2021 ◽

Vol 23 (5) ◽

pp. 529

Author(s):

Mahdi Rabbani ◽

Yongli Wang ◽

Reza Khoshkangini ◽

Hamed Jelodar ◽

Ruxin Zhao ◽

...

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Intrusion Detection Systems ◽

Learning Approaches ◽

Behavior Detection ◽

Detection Systems ◽

Malicious Behavior ◽

Network Intrusion ◽

Learning Techniques ◽

Detection And Recognition

Network anomaly detection systems (NADSs) play a significant role in every network defense system as they detect and prevent malicious activities. Therefore, this paper offers an exhaustive overview of different aspects of anomaly-based network intrusion detection systems (NIDSs). Additionally, contemporary malicious activities in network systems and the important properties of intrusion detection systems are discussed as well. The present survey explains important phases of NADSs, such as pre-processing, feature extraction and malicious behavior detection and recognition. In addition, with regard to the detection and recognition phase, recent machine learning approaches including supervised, unsupervised, new deep and ensemble learning techniques have been comprehensively discussed; moreover, some details about currently available benchmark datasets for training and evaluating machine learning techniques are provided by the researchers. In the end, potential challenges together with some future directions for machine learning-based NADSs are specified.

Download Full-text

Flow-based anomaly intrusion detection system using two neural network stages

Computer Science and Information Systems ◽

10.2298/csis130415035a ◽

2014 ◽

Vol 11 (2) ◽

pp. 601-622 ◽

Cited By ~ 15

Author(s):

Yousef Abuadlla ◽

Goran Kvascev ◽

Slavko Gajin ◽

Zoran Jovanovic

Keyword(s):

Neural Network ◽

Intrusion Detection ◽

Network Traffic ◽

Intrusion Detection System ◽

High Speed ◽

Detection System ◽

Intrusion Detection Systems ◽

Computational Time ◽

False Alarms ◽

Detection Systems

Computer systems and networks suffer due to rapid increase of attacks, and in order to keep them safe from malicious activities or policy violations, there is need for effective security monitoring systems, such as Intrusion Detection Systems (IDS). Many researchers concentrate their efforts on this area using different approaches to build reliable intrusion detection systems. Flow-based intrusion detection systems are one of these approaches that rely on aggregated flow statistics of network traffic. Their main advantages are host independence and usability on high speed networks, since the metrics may be collected by network device hardware or standalone probes. In this paper, an intrusion detection system using two neural network stages based on flow-data is proposed for detecting and classifying attacks in network traffic. The first stage detects significant changes in the traffic that could be a potential attack, while the second stage defines if there is a known attack and in that case classifies the type of attack. The first stage is crucial for selecting time windows where attacks, known or unknown, are more probable. Two different neural network structures have been used, multilayer and radial basis function networks, with the objective to compare performance, memory consumption and the time required for network training. The experimental results demonstrate that the designed models are promising in terms of accuracy and computational time, with low probability of false alarms.

Download Full-text